Bitcoin Forum
September 23, 2018, 01:43:59 AM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Why bctalk accounts are getting hacked?  (Read 236 times)
papampi_2
Newbie
*
Offline Offline

Activity: 49
Merit: 0


View Profile
August 25, 2018, 09:48:37 PM
 #21

I hope that the launched of the new bitcointalk forum will have a more security feautures like 2fa or the use of verified signed bitcoin address.
Actually most of the hacks are coming from "Secret Question".
If you dont have "Secret Question" and want to change email or password, forum will send you email notification to approve your request.
But if you have "Secret Question" , it will ask it, then the hacker have unlimited tries/retries to guess the answer and change your email and password.

Mine got hacked by my "Secret Question" .
If the "Secret Question" is one of the reasons why accounts are being hacked, then why is it still there? More people will get confused whether they will use it or not. Huh


Please either dont quote a message or fully quote it ...


You can see this in your profile>Account Related Settings>Secret Question
Its written in BOLD :

Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password.



Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537667039
Hero Member
*
Offline Offline

Posts: 1537667039

View Profile Personal Message (Offline)

Ignore
1537667039
Reply with quote  #2

1537667039
Report to moderator
1537667039
Hero Member
*
Offline Offline

Posts: 1537667039

View Profile Personal Message (Offline)

Ignore
1537667039
Reply with quote  #2

1537667039
Report to moderator
1537667039
Hero Member
*
Offline Offline

Posts: 1537667039

View Profile Personal Message (Offline)

Ignore
1537667039
Reply with quote  #2

1537667039
Report to moderator
Silent26
Sr. Member
****
Offline Offline

Activity: 364
Merit: 296


Politeness: 1226: - 0 / - 1


View Profile
August 25, 2018, 10:21:34 PM
 #22

I'm also wondering why there are still issues about hacked account excluding those accounts that has been hacked in that database leak back in 2015. I mean, are they too careless?

I'm thinking that maybe some bounties also contains phishing. Some bounties requires a some sort of "google form" where applicants must fill up first and it's possible that some of those forms are phishing. As we can see, most of those reported accounts that has been hacked are participating bounties.

- Don’t click on links posted on this forum
That would definitely avoid phishing links  Cheesy but not all links posted in this forum are phishing. I prefer "Checking the link first before clicking it" since some links are useful and some are obviously not phishing.
I hardly believe the number of people using a weak password is so hight
Yeah, people would be so stupid to put "123455789" or "qwerty" etc as their password. Though some really do  Grin

I'm taking good care of my account, I'm checking links before I click them, I'm not logging in to any public PC or someone else's phone and I'm using a strong password, lets just see if my account will still be hacked in the future. But I'm hoping I will not happen.

My additional tip is to avoid joining bounties/airdrops or check their form first before putting information or clicking the link. It's really possible that some phishing links are from other bounties/airdrops.

Is anyone ever think of that?

There are more accounts hacked with a low rank than a hight one
It's probably because I'm right that most of these accounts are participating bounties where some bounties contains phishing.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
TryNinja
Hero Member
*****
Offline Offline

Activity: 770
Merit: 760


ChipMixer's Badge of Honor


View Profile
August 26, 2018, 04:46:24 AM
 #23

~
If you are so sure about this, why don't you set up a Secret Question and try yourself?

Spoiler: NO. No one can access your account with just the secret answer. This will only lock your account - as explained in the previous page. Please read the whole thread before making a new post.


Silent26
Sr. Member
****
Offline Offline

Activity: 364
Merit: 296


Politeness: 1226: - 0 / - 1


View Profile
August 26, 2018, 06:17:34 AM
 #24

Spoiler: NO. No one can access your account with just the secret answer. This will only lock your account - as explained in the previous page. Please read the whole thread before making a new post.
I never tried/used secret password and I don't plan to use it for unknown reasons but if no one can access your account by just using it, why it says "To help retrieve your password, enter a question here with an answer that only you know. Using this feature is not recommended. Anyone who guesses your secret answer will have access to your account. It's like a second password."

It means anyone who can guess it will have access to the account because it's like a second password and is used to retrieve the account. I'm really confused which one to believe. But I don't want to try it myself.

But actually, I've set a secret question in my account before. I just forgot what's the answer  Huh

I've read the topic about this secret question in the link you have provided in the first page but I'm just wondering why the description says different. Well I believe you now as there are several members who already tested it out.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
mdayonliner
Sr. Member
****
Offline Offline

Activity: 294
Merit: 273


Over 13BTC http://bit.ly/BTCLoan


View Profile
August 26, 2018, 11:23:03 AM
 #25

Most of the accounts are registered after 2015
I never seen any stats. My one was just an assumption.

Quote
No, frequent users do not use google to connect to the forum. Either they type the URL address or they use the bookmarked URL in their browser
I used know a person who used to be my business partner in an online business. I have seen him never typing the address on the address bar, he was more comfortable to type on the google search box and then clicking the ad link to visit the site LOL

Quote
I hardly believe the number of people using a weak password is so hight
I too like to believe that people use at-least a moderated password. The phishing links could be the highest possible reason we could think of.


But actually, I've set a secret question in my account before. I just forgot what's the answer  Huh
Don't worry... follow this


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
TryNinja
Hero Member
*****
Offline Offline

Activity: 770
Merit: 760


ChipMixer's Badge of Honor


View Profile
August 26, 2018, 12:27:19 PM
 #26

I've read the topic about this secret question in the link you have provided in the first page but I'm just wondering why the description says different. Well I believe you now as there are several members who already tested it out.
Did you even read the link I posted? Or just the title?

The forum software (SMF) includes the Secret Question method of recovery by default. However, theymos disabled that option for security purposes due to the 2015 hack that leaked the Secret Questions and Answers of the users. He didn't change the page text (that says you can recover your acc with the Secret Question), but it doesn't matter.

[...] The reason that the accounts are locked is because the May 2015 hack leaked Bitcointalk's database which did not securely secure the Secret Question and Answer. To prevent people from guessing the answers, theymos made it so that accounts that are recovered using the secret question are automatically locked when the option is attempted. This is to prevent hackers who may be able to guess the answers from the leaked database. [...]

Silent26
Sr. Member
****
Offline Offline

Activity: 364
Merit: 296


Politeness: 1226: - 0 / - 1


View Profile
August 27, 2018, 02:27:09 AM
 #27

Did you even read the link I posted?
Yeah I did.
I've read the topic about this secret question in the link you have provided
But didn't read several replies as the OP already gave me the information I'm looking for. Anyway thanks for the info.
Don't worry... follow this
Thanks @mdayonliner.


       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
   
       █
      ██
     ██
   ██ ██
 █ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
██ ██ ██
  B

          ▄▄▄▄▄▄
     ▄▄████████████▄▄
   ▄█████▀▀    ▀▀█████▄
  ████▀            ▀████
 ████                ████
▐███                  ███▌
███▌                  ▐███
▐███           ▄▄     ███▌
 ████         ▀███▄  ▐███
  ████▄         ▀███▄███
   ▀█████▄▄     ▄█████▀
     ▀▀████████████▀▀
          ▀▀▀▀▀▀
T 
Better. Quick.

Transparent.






             ▄████▄▄   ▄
█▄          ██████████▀▄
███        ███████████▀
▐████▄     ██████████▌
▄▄██████▄▄▄▄█████████▌
▀████████████████████
  ▀█████████████████
  ▄▄███████████████
   ▀█████████████▀
    ▄▄█████████▀
▀▀██████████▀
    ▀▀▀▀▀






▄█████████████████████████▄
███████████████████████████
███████████████▀       ████
██████████████      ▄▄▄████
██████████████    ▐████████
██████████████    ▐████████
██████████            ▐████
██████████            █████
██████████████    ▐████████
██████████████    ▐████████
██████████████    ▐████████
▀█████████████    ▐███████▀






                   ▄▄████
              ▄▄████████▌
         ▄▄█████████▀███
    ▄▄██████████▀▀ ▄███▌
▄████████████▀▀  ▄█████
▀▀▀███████▀   ▄███████▌
      ██    ▄█████████
       █  ▄██████████▌
       █  ███████████
       █ ██▀ ▀██████▌
       ██▀     ▀████
                 ▀█▌
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!